diff options
author | Julien Dessaux | 2024-11-14 01:34:29 +0100 |
---|---|---|
committer | Julien Dessaux | 2024-11-14 01:34:29 +0100 |
commit | 3d8812fbd0091d2ef636949628c52bf9f48617a6 (patch) | |
tree | 00755c8903497ad7abaaffffbbaa4a37fdf41a03 /pkg/database/accounts.go | |
parent | chore(tfstated): rename state "name" to "path" for consistency (diff) | |
download | tfstated-3d8812fbd0091d2ef636949628c52bf9f48617a6.tar.gz tfstated-3d8812fbd0091d2ef636949628c52bf9f48617a6.tar.bz2 tfstated-3d8812fbd0091d2ef636949628c52bf9f48617a6.zip |
feat(tfstated): implement HTTP basic auth
Diffstat (limited to 'pkg/database/accounts.go')
-rw-r--r-- | pkg/database/accounts.go | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/pkg/database/accounts.go b/pkg/database/accounts.go new file mode 100644 index 0000000..7902371 --- /dev/null +++ b/pkg/database/accounts.go @@ -0,0 +1,88 @@ +package database + +import ( + "database/sql" + "fmt" + "log/slog" + "time" + + "git.adyxax.org/adyxax/tfstated/pkg/model" + "go.n16f.net/uuid" +) + +func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) { + account := model.Account{ + Username: username, + } + var ( + encryptedPassword []byte + created int64 + lastLogin int64 + ) + err := db.QueryRow( + `SELECT id, password, is_admin, created, last_login, settings + FROM accounts + WHERE username = ?;`, + username, + ).Scan(&account.Id, + &encryptedPassword, + &account.IsAdmin, + &created, + &lastLogin, + &account.Settings, + ) + if err != nil { + return nil, err + } + password, err := db.dataEncryptionKey.DecryptAES256(encryptedPassword) + if err != nil { + return nil, err + } + account.Password = string(password) + account.Created = time.Unix(created, 0) + account.LastLogin = time.Unix(lastLogin, 0) + return &account, nil +} + +func (db *DB) InitAdminAccount() error { + tx, err := db.Begin() + if err != nil { + return err + } + defer func() { + if err != nil { + _ = tx.Rollback() + } + }() + var hasAdminAccount bool + if err = tx.QueryRowContext(db.ctx, `SELECT EXISTS (SELECT 1 FROM accounts WHERE is_admin);`).Scan(&hasAdminAccount); err != nil { + return fmt.Errorf("failed to select if there is an admin account in the database: %w", err) + } + if hasAdminAccount { + tx.Rollback() + } else { + var password uuid.UUID + if err = password.Generate(uuid.V4); err != nil { + return fmt.Errorf("failed to generate initial admin password: %w", err) + } + var encryptedPassword []byte + encryptedPassword, err = db.dataEncryptionKey.EncryptAES256([]byte(password.String())) + if err != nil { + return fmt.Errorf("failed to encrypt initial admin password: %w", err) + } + if _, err = tx.ExecContext(db.ctx, + `INSERT INTO accounts(username, password, is_admin) + VALUES ("admin", :password, TRUE) + ON CONFLICT DO UPDATE SET password = :password + WHERE username = "admin";`, + sql.Named("password", encryptedPassword), + ); err != nil { + return fmt.Errorf("failed to set initial admin password: %w", err) + } + err = tx.Commit() + if err == nil { + slog.Info("Generated an initial admin password, please change it or delete the admin account after your first login", "password", password.String()) + } + } + return err +} |